I feel like a crazy person for having to write this, but: if you are starting a business (yes, non-profits are businesses), then you need to have a business plan. If you launch a business and you have not done the work to have a business plan, then in 99.999% of situations, your business will fail. A business plan includes market & competitive research, a revenue plan based on that research that includes realistic pricing models and costs, a marketing plan, and several options for when things don't turn out like you planned. This isn't even Business 101, this is like Remedial Intro to Business. If you don't have this worked out before you launch, you have already failed.
The corollary for this is as a user, you should determine whether or not the business you are planning to depend on has a business model before you choose to depend on them. If there is no apparent income stream, then the business will close at some point and you may as well skip all the heartburn and choose not to use that business for anything you care about. BlueSky, I'm looking at you right now.
> I feel like a crazy person for having to write this, but: if you are starting a business (yes, non-profits are businesses), then you need to have a business plan.
Not in tech you don't. The business plan these days is try and get as much investment money as you can to redistribute to your friends, have a few parties, hand out some Macbooks and try to get acquired by Google before your runway runs out.
I'd wager most still successful businesses weren't started with much of a plan, especially if they offer services instead of products. I started mine by paying less than a hundred bucks to incorporate on a whim, and was successful for many years. The only reason I shuttered it is because it led me to programming and I went off in that direction instead. There are many such examples everywhere you look, so it's not just anecdotal. I'd say that all one needs is determination and a vision.
Privacy enthusiasts tend to align with anarchists - people who intrinsically distrust institutions. Maybe this also correlates with qualities like blind optimism, or disbelief in institutions like capitalism?
When I was in college, we were required to take a business class (Business 101) that mandated a finished business plan as part of the project.
It had to be long, in-depth, and include everything you mentioned.
I was incredibly surprised when I entered the tech and startup workforce that these were generally absent.
I had misunderstood the class and instructor and thought that you couldn't even start a business without one.
Then, when I started raising money for my own venture, I thought for sure a complete business plan was a prerequisite.
Nope. A few graphs, preferably hockey-shaped, and a good story were all that was necessary.
My venture failed, of course. But if I were to do it again, I would do myself the favor of having a complete plan. It would definitely save a lot of headaches and guessing in the moment.
Not every organization can or should be a business, this is dead wrong. Organizations including non-profits and social ventures need sustainability plans rather than business plans. These are largely similar but the values are different.
Some of the slippery slopes include the wanton privatization and outsourcing of government especially for things that create perverse incentives like for-profit prisons, education, and healthcare, and so-called private-public "partnerships" that usually turn out to be predatory "gotcha capitalism" monopolies that charge people for things that were previously free and paid for with taxes as commonwealth services.
OTOH, another pathology can happen in all sorts of money collecting organizations by putting profits/fees before mission, such as by making worse products or services to sell more of them, seeking maximum fines or fees unreasonably without offering value or a public service, or charging unreasonable fees for things that cost almost or nothing.
Here is an example of one of their core growth plan items from the strategy above:
"Social Media Campaigns, Organic and Paid
Driving key messages around digital hygiene, decentralisation, and security on social media platforms to raise awareness."
The whole pdf is basically a collection of the remedial "go-to" SaaS growth blog posts everyone thinking about startups read: make content, build a community, turn your community into advocates, write about things people care about etc etc.
Given I've done this stuff for some 20+ years now, here is what is missing and frankly what most folks miss/don't want to admit:
This document basically has no ICP, who is the ideal customer? What is their persona? Who specifically are they, like, super specifically! You can't start with "oh anyone who wants anon-privacy first msg'ing!" That would have been like me at digitalocean saying "oh it's for anyone who needs a VM" - you can't execute a series of steps with that, you can't boil the ocean so to speak, we had to work through communities one at a time, we did: rails, node, php, devops/config management, in that order, split up over quarters and years, maybe it looked like we just...did developers, but we didn't, we slowly worked our way through all the developer communities slightly tailoring towards them while keeping things general enough.
The biggest problem here tho is the classic vitamin vs. aspirin problem. They're selling "better privacy" and "decentralization" - these are vitamins for the vast majority of people - they're things people say they care about in surveys but don't actually switch apps for. The 85% of adults who "want to do more to protect their privacy" aren't switching off WhatsApp. Are they the most secure messenger, or are they a token ecosystem with staking? Those attract fundamentally different people with different motivations...so just bolting them together creates confusion.
Folks need to stop thinking "we're going to do marketing" = "we're going to build a business" marketing, go to market, growth.. these are tiny components of overall business strategy.
Slack (originally an MMO), Nintendo (card games), Nokia (rubber shoes) and Netflix (DVDs over snail mail) would disagree.
"We'll gather a bunch of talented people together, figure out what this industry needs and then do that, let's hope we can do that before the money runs out" can be a viable business plan. There's no guarantee it's going to work, there's never a guarantee a plan is going to work, but it can work sometimes.
That’s not really a big deal since the session encryption was insecure anyway. It feels almost like a honeypot after they've removed forward secrecy. If you’re looking for a decentralized alternative SimpleX Chat is a more secure option.
Surprised to hear this since my understanding was that Session was run on a crypto coin based, user hosted onion routing servers. Do they mean the dev company behind Session is shutting down?
An anecdote I have: a friend once had narcotics shipped intl. through Session a few years ago.
I'd love to know where the $600k that Vitalik Buterin donated to them 3 short months ago went. I don't think they've adequately addressed this question.
My advice: If you want people to give you money so that you don’t have to shut down, and you’re writing a ten paragraph plea for donations, consider using one of those paragraphs to tell people what your thing is.
It's sad but I'll forever remember them for having the best tagline ever on their frontpage:
"Send messages, not metadata"
We all know who this is directed at: the project(s) pretending to offer privacy but that need to collect your cellphone and that'll happily be able to know who you exchanges messages with.
Project(s) whom, moreover, have often weird shills that, if you squint your eyes just a little bit, suddenly look like xxxINT moles.
So if only for that tagline, thanks a huge lot: metadata are more important than the content of the messages themselves and you have no privacy if your phone number and contacts are known.
I had never heard of this, why session over signal?
Edit: here is a snippet from google AI:
Signal is a secure, user-friendly WhatsApp alternative requiring a phone number, while Session prioritizes maximum anonymity with no phone number, onion routing, and a decentralized network
I could never get it to work and I've tried several times. I kind of get the feeling I'm being blocked at the ISP level. We entered an era of the Internet where you're just not allowed to create secure communications.
They should keep a single competent and curious senior developer who can do it all. In this age of AI, you can make do without having a whole team of developers.
A few months ago, a Session update logged me out. I tried to log back in, but my passphrase caused Session to crash. I tried the Play Store version, the F-Droid version, and the desktop version.
Support told me that login method had been around for a while, and I didn’t know it. So suddenly, I was locked out and couldn’t access MY ACCOUNT. I used to promote Session, but since their support response was basically a big “fuck you,” I say “fuck you too,” and I hope people switch to SimpleX.
I like the idea. But I’m pretty happy with Signal. Signal does require a phone number I think, but otherwise seems very similar.
Grounding identity in a phone number is very reasonable for almost all normal usage. It makes recovery simple. It does block the ultra paranoid use cases though. Oh well.
Running a nonprofit is really, really hard and I commend them for doing it. I hope they get through this crisis.
Hack Club almost went insolvent in 2017. We would have, if it wasn’t for 2 friends who stepped in near the end and saved us. Today there are tens of thousands of teens involved and doing amazing things.
I’m disappointed by all the negativity in the comments. I’m not familiar with Session, but raising donor funds is a very different skillset than software engineering and anyone who is trying to do both has my respect.
Session was Australian based which means they would have to do all sorts of horrible things when asked by the government, such as even letting police impersonate users...
I just checked and they claim to have moved their infra to Switzerland.
There are many other issues, some I've forgotten about since I would never trust it in the first place. They also require a phone number even!
Seeing them go, I feel neutral. It's always good to have more anonymity software, just not this for me.
> In most markets Senior developers often command salaries exceeding $150,000 USD per year, and on top of this there are legal and operational overheads for running the STF.
Translation:
Our product makes no money, has no use case and we need $1M to survive.
Two ways a PE "cost saver" would fix this:
1. Claude + 1x senior engineer (in India).
2. CTO + Claude and no senior engineers / employees.
Given we have (allegedly) achieved "AGI" (heavily disputed) they don't need as many employees.
Especially those that are after $150k+ which when you can vibe code with Claude for less than $10k anyway. /s
181 comments
The corollary for this is as a user, you should determine whether or not the business you are planning to depend on has a business model before you choose to depend on them. If there is no apparent income stream, then the business will close at some point and you may as well skip all the heartburn and choose not to use that business for anything you care about. BlueSky, I'm looking at you right now.
> I feel like a crazy person for having to write this, but: if you are starting a business (yes, non-profits are businesses), then you need to have a business plan.
Not in tech you don't. The business plan these days is try and get as much investment money as you can to redistribute to your friends, have a few parties, hand out some Macbooks and try to get acquired by Google before your runway runs out.
we’ll never actually have this data, but I bet there isn’t much correlation if any between having a business plan and being successful.
have you started a successful business?
It had to be long, in-depth, and include everything you mentioned.
I was incredibly surprised when I entered the tech and startup workforce that these were generally absent.
I had misunderstood the class and instructor and thought that you couldn't even start a business without one.
Then, when I started raising money for my own venture, I thought for sure a complete business plan was a prerequisite.
Nope. A few graphs, preferably hockey-shaped, and a good story were all that was necessary.
My venture failed, of course. But if I were to do it again, I would do myself the favor of having a complete plan. It would definitely save a lot of headaches and guessing in the moment.
Some of the slippery slopes include the wanton privatization and outsourcing of government especially for things that create perverse incentives like for-profit prisons, education, and healthcare, and so-called private-public "partnerships" that usually turn out to be predatory "gotcha capitalism" monopolies that charge people for things that were previously free and paid for with taxes as commonwealth services.
OTOH, another pathology can happen in all sorts of money collecting organizations by putting profits/fees before mission, such as by making worse products or services to sell more of them, seeking maximum fines or fees unreasonably without offering value or a public service, or charging unreasonable fees for things that cost almost or nothing.
Closest thing I could find poking around.
Here is an example of one of their core growth plan items from the strategy above:
"Social Media Campaigns, Organic and Paid Driving key messages around digital hygiene, decentralisation, and security on social media platforms to raise awareness."
The whole pdf is basically a collection of the remedial "go-to" SaaS growth blog posts everyone thinking about startups read: make content, build a community, turn your community into advocates, write about things people care about etc etc.
Given I've done this stuff for some 20+ years now, here is what is missing and frankly what most folks miss/don't want to admit:
This document basically has no ICP, who is the ideal customer? What is their persona? Who specifically are they, like, super specifically! You can't start with "oh anyone who wants anon-privacy first msg'ing!" That would have been like me at digitalocean saying "oh it's for anyone who needs a VM" - you can't execute a series of steps with that, you can't boil the ocean so to speak, we had to work through communities one at a time, we did: rails, node, php, devops/config management, in that order, split up over quarters and years, maybe it looked like we just...did developers, but we didn't, we slowly worked our way through all the developer communities slightly tailoring towards them while keeping things general enough.
The biggest problem here tho is the classic vitamin vs. aspirin problem. They're selling "better privacy" and "decentralization" - these are vitamins for the vast majority of people - they're things people say they care about in surveys but don't actually switch apps for. The 85% of adults who "want to do more to protect their privacy" aren't switching off WhatsApp. Are they the most secure messenger, or are they a token ecosystem with staking? Those attract fundamentally different people with different motivations...so just bolting them together creates confusion.
Folks need to stop thinking "we're going to do marketing" = "we're going to build a business" marketing, go to market, growth.. these are tiny components of overall business strategy.
"We'll gather a bunch of talented people together, figure out what this industry needs and then do that, let's hope we can do that before the money runs out" can be a viable business plan. There's no guarantee it's going to work, there's never a guarantee a plan is going to work, but it can work sometimes.
Vast majority of products and services can continue on or near zero, with slow or zero velocity.
Really, you can't fire half the team if you have to and keep operating?
1.75M MAU requires very small infrastructure.
> In most markets Senior developers often command salaries exceeding $150,000 USD per year
Why not outsource this to a cheaper country? For example, here in Germany salaries are about half of that, and the talent pool is excellent.
Donations are fine, but something needs to change or people are just propping up a non-viable business.
An anecdote I have: a friend once had narcotics shipped intl. through Session a few years ago.
> In most markets Senior developers often command salaries exceeding $150,000 USD per year
Not really, there's basically a single sub-market in the US market where that is the norm.
If we knew what it was, we might want to help.
Project(s) whom, moreover, have often weird shills that, if you squint your eyes just a little bit, suddenly look like xxxINT moles.
So if only for that tagline, thanks a huge lot: metadata are more important than the content of the messages themselves and you have no privacy if your phone number and contacts are known.
> To date, the STF has received approximately $65,000 in donations. This is enough to maintain critical Session infrastructure for the next 90 days.
Excuse me, what?! Spending $22k a month in infra as a pre-money startup is insane.
> 65000 USD in donations > enough for infrastructure for the next 90 days
20k per month in infrastructure. Excuse me, what?
Edit: here is a snippet from google AI:
One thing that I've learned is that privacy is a secondary concern. It's never a primary one.
If your app's main differentiation is privacy, it won't sell. Users just don't care about it that much.
https://getsession.org/a-messaging-app-that-cant-sell-out
Support told me that login method had been around for a while, and I didn’t know it. So suddenly, I was locked out and couldn’t access MY ACCOUNT. I used to promote Session, but since their support response was basically a big “fuck you,” I say “fuck you too,” and I hope people switch to SimpleX.
Grounding identity in a phone number is very reasonable for almost all normal usage. It makes recovery simple. It does block the ultra paranoid use cases though. Oh well.
Hack Club almost went insolvent in 2017. We would have, if it wasn’t for 2 friends who stepped in near the end and saved us. Today there are tens of thousands of teens involved and doing amazing things.
I’m disappointed by all the negativity in the comments. I’m not familiar with Session, but raising donor funds is a very different skillset than software engineering and anyone who is trying to do both has my respect.
I just checked and they claim to have moved their infra to Switzerland.
There are many other issues, some I've forgotten about since I would never trust it in the first place. They also require a phone number even!
Seeing them go, I feel neutral. It's always good to have more anonymity software, just not this for me.
> In most markets Senior developers often command salaries exceeding $150,000 USD per year, and on top of this there are legal and operational overheads for running the STF.
Translation:
Our product makes no money, has no use case and we need $1M to survive.
Two ways a PE "cost saver" would fix this:
1. Claude + 1x senior engineer (in India).
2. CTO + Claude and no senior engineers / employees.
Given we have (allegedly) achieved "AGI" (heavily disputed) they don't need as many employees.
Especially those that are after $150k+ which when you can vibe code with Claude for less than $10k anyway. /s
Job done.
They're hoping one of the rich dark web drug lords that use the app will sponsor them with crypto.